1. Field of the Invention
The present invention generally relates generally to computer security, and more particularly relates to a confidential and secure architecture for implementing a fraud detection system and method.
2. Related Art
With the increase concern over global terrorism, fraud detection has become a critical tool in tracking and preventing criminal activities. In particular, Fraud Detection (FD) and Anti Money Laundering (AML) have been specifically identified under the Patriot Act as part of the anti-terrorist effort following the Sep. 11, 2001 tragedy. For the purposes of this disclosure the term “fraud detection” may include, e.g., check fraud, credit card fraud, debit card fraud, wire payment fraud, ATM fraud, fraud involving Automated Clearinghouse (ACH) transactions, as well as money laundering. Numerous fraud detection applications and techniques have been proposed, which make use of a range of approaches including fuzzy logic and artificial intelligence (e.g., machine learning, data mining, neural networks, etc.).
The key to the effective application of these techniques is a sufficiently large data set in order to be able to ensure a statistically significant sample size to minimize false positives. Thus, for instance, determining whether a significant money transfer is potentially fraudulent can generally be done with greater confidence when it is viewed in the context of a large set of transactions. To achieve a reasonable level of confidence, the data set may need to extend across an institution, and where possible outside the institution. It is this need to leverage as much data as possible that creates the challenge for financial institutions. Sharing data either between lines of business (LOBs) within an institution or among distinct institutions can present challenges. These challenges are particularly acute within financial institutions (FIs), in which:                (1) The data may be confidential and therefore critical to a firm's competitive positioning. Protecting the secrecy of such data against the competition, and as much as legally possible against any party, is therefore a priori incompatible with data sharing among various institutions; and        (2) The data may be private, i.e., customer sensitive, and protecting the secrecy of the data is critical for the customers of the institution, who are sensitive to privacy. The need for privacy may also result from legislation, such as the Gramm-Leach-Bliley Financial Modernization Act.        
Heretofore, attempts have been made to use a third party to collect such sensitive data. However, a problem connected with third party collection is directly linked to the lack of control of the third party. Specifically, the third party usually does not obtain all of the necessary data. Moreover, access to the data in these instances is often not controlled. Thus, confidential details are at risk of being exposed.
Thus, a solution is required in which institutions can share data in such a manner that the confidentiality and privacy can be maintained, while still allowing fraud detection applications to be run on the shared data.